Provisioning is the installation and configuration of an end entity on a network. This end entity, or “host,” may be a router, network attached storage, physical server, virtual server, etc. Traditionally, provisioning involves human interaction to establish the identity of the device. This establishment of host identity allows other security processes to reliably know who the host is, in order to ensure that only those hosts that are authorized to run a particular service do so.
Various schemes have been put forth to streamline and automate provisioning. However, these provisioning techniques rely upon a human actor to complete the provisioning process by participating in the establishment of the host identity. Virtual servers provide multiple separate server instances executing on a common physical host, with each instance requiring separate provisioning. With the increasing population of servers, both physical and virtual, the problem becomes more challenging.
In large data center environments, this requirement for human interaction can lead to delays in provisioning as well as increased operational costs. Thus, there is a need for reasonably secure automated identification of hosts prior to their being turned over to production in order to permit fully automated provisioning of hosts.